Vulnerability details: VCID-g4aj-rwe8-aaaa
Vulnerability ID VCID-g4aj-rwe8-aaaa
Aliases CVE-2015-2696
Summary lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.
Status Published
Exploitability 0.5
Weighted Severity 6.4
Risk 3.2
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2696.html
epss 0.13166 https://api.first.org/data/v1/epss?cve=CVE-2015-2696
epss 0.15854 https://api.first.org/data/v1/epss?cve=CVE-2015-2696
epss 0.16475 https://api.first.org/data/v1/epss?cve=CVE-2015-2696
epss 0.16993 https://api.first.org/data/v1/epss?cve=CVE-2015-2696
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1275869
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697
cvssv2 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.1 https://nvd.nist.gov/vuln/detail/CVE-2015-2696
generic_textual Low https://ubuntu.com/security/notices/USN-2810-1
Reference id Reference type URL
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2696.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2696.json
https://api.first.org/data/v1/epss?cve=CVE-2015-2696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a
https://security.gentoo.org/glsa/201611-14
https://ubuntu.com/security/notices/USN-2810-1
http://www.debian.org/security/2015/dsa-3395
http://www.securityfocus.com/bid/90675
http://www.securitytracker.com/id/1034084
http://www.ubuntu.com/usn/USN-2810-1
1275869 https://bugzilla.redhat.com/show_bug.cgi?id=1275869
803084 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803084
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
CVE-2015-2696 https://nvd.nist.gov/vuln/detail/CVE-2015-2696
USN-2810-1 https://usn.ubuntu.com/2810-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2015-2696
Exploit Prediction Scoring System (EPSS)
Percentile 0.95527
EPSS Score 0.13166
Published At Dec. 19, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.